Pharming Makes Rotten Produce
By Michele Petry

Randy is a smart customer. He wouldn't think of clicking on a link in a phishing email. He knows better. Instead, when he wants to log on to online banking, he types his bank's domain name into the location box in his browser. That guarantees he'll end up where he wants to be. Or does it?

A simple slip of the finger resulting in a misspelled domain name can signal danger as sophisticated fraudsters set up bogus domains to take advantage of unwitting customers. The techniques, known as pharming, involve intercepting or redirecting the user to a fraudulent website set up for the specific purpose of stealing a customer's information. Once the information is entered, the thieves act quickly, using the information to purchase merchandise, transfer funds or obtain additional credit.

The FDIC recently released FIL-64-2005 - Guidance on How Financial Institutions Can Protect Against Pharming Attacks, detailing the various types of pharming attacks. These range from static domain name spoofing to more sophisticated domain hijacking and DNS poisoning.

What's in a name, or a "nme"?
If you've ever typed a URL into the address line of an Internet browser, you likely know how easy it is to make a mistake or misspell a domain name. Internet fraudsters take advantage of that fact and register static domains similar to commonly misspelled legitimate domains. Then, using page designs similar to legitimate sites, the fraudsters confuse and lure users into providing personal details.

To reduce the risks associated with static domain spoofing, you should check regularly for domains similar to your legitimate domain. For example, mis-typing www.bankersonline.com as www.bankeronline.com brings you to a site that sells domains at a premium. It could have been worse: the misspelled domain could have been made to spoof our real domain while enticing users to disclose personal information. There are also service companies that will perform these checks automatically and send a report detailing any evidence of fraudulent activity or brand infringement.
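A sketch of the regular check described above, added here as an illustration and not taken from the FDIC guidance or from BankersOnline: it generates the single-slip misspellings of your own domain (dropped, doubled, swapped and adjacent-key letters) and reports any that appear in a list of observed domain names. The function names and the sample feed are assumptions constructed for the example; in practice the feed would come from your registrar, a brand-monitoring service or your own DNS logs.

```python
# Added example: defensive lookalike-domain check (all names are hypothetical).
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
NEIGHBOURS = {}
for row in QWERTY_ROWS:
    for i, ch in enumerate(row):
        # Keys immediately left and right of ch on the same keyboard row.
        NEIGHBOURS[ch] = row[max(i - 1, 0):i] + row[i + 1:i + 2]


def normalise(name):
    """Lower-case a host name and drop a trailing dot and a leading 'www.'."""
    name = name.strip().lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


def typo_variants(domain):
    """Map each single-slip variant of the registrable name to the slip type."""
    label, _, suffix = normalise(domain).partition(".")
    variants = {}

    def add(candidate, how):
        # Skip empty labels, the real name, and labels edged by a hyphen.
        if candidate and candidate != label and candidate.strip("-") == candidate:
            variants.setdefault(f"{candidate}.{suffix}", how)

    for i, ch in enumerate(label):
        add(label[:i] + label[i + 1:], "omission")
        add(label[:i] + ch + label[i:], "repetition")
        if i + 1 < len(label):
            add(label[:i] + label[i + 1] + ch + label[i + 2:], "transposition")
        for near in NEIGHBOURS.get(ch, ""):
            add(label[:i] + near + label[i + 1:], "adjacent-key")
    return variants


def find_lookalikes(own_domain, observed_names):
    """Return sorted (domain, slip type) pairs from the feed that match a variant."""
    variants = typo_variants(own_domain)
    seen = {normalise(n) for n in observed_names}
    return sorted((d, how) for d, how in variants.items() if d in seen)


# Constructed sample feed, e.g. one day's list of newly registered domains.
SAMPLE_FEED = ["example.org", "BankerOnline.com.", "www.bankersonlien.com",
               "bankersonline.com", "bankersonlime.com"]

if __name__ == "__main__":
    for domain, how in find_lookalikes("www.bankersonline.com", SAMPLE_FEED):
        print(f"{domain}\t{how}")
```

Each match is a candidate for review, not proof of fraud: the next step is to look at who registered the name and what the site serves.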

Viruses, Worms and Trojans. Oh joy!
Who hasn't experienced the debilitating effect viruses and other forms of malware can have on a user's computer? Whether it arrives as a flood of virus-laden email or, more seriously, as Trojan code secretly embedded on a user's computer, malicious software or spyware is capable of capturing information and transmitting it to fraudulent sites designed to steal a user's personal information.

As fraudsters become savvier, ever newer and more potent strains of viruses and Trojans are emerging. Staying up-to-date with the latest anti-virus software is essential to mitigating the risks associated with malicious software. It is not enough to ensure that virus protection is in place throughout your institution. Banks must also educate customers on the importance of properly updated virus software, so that customers do not fall victim to pharming attacks when attempting to reach your institution's website. The old adage, "An ounce of prevention is worth a pound of cure," speaks volumes to the potential fallout from a customer being misdirected to a fraudulent website: damage to the bank's reputation, as well as the loss of customer information that would lead to identity theft and additional fraud.

Remember long-distance carrier slamming?
Cyber criminals employ Domain Name Server (DNS) switching techniques similar to those used by long-distance phone carriers that illegally slammed a customer by changing a long-distance provider without the customer's knowledge. In the cyber world, criminals can hijack a domain by submitting changes to switch among domain name registrars. During the switching process the domain is routed to a new, illegitimate server that is set up to look like the legitimate web site. Domains can also get into the hands of criminals if their registrations are not properly managed. Since domain names are leased through domain name registrar companies, those that are not renewed in a timely manner are released to be resold. Several companies exist for the sole purpose of searching out and registering expired domains. If the domain falls into the hands of an illegitimate group, companies are left with invoking trade name laws to recover the domain. This can be a lengthy and expensive proposition, so the management of your domain is extremely important.

System Administration is Key
Attacks on your network infrastructure, in particular on your local DNS server, can also result in a pharming threat that can misdirect your customers away from your web site. Domain name server poisoning can occur as a result of a faulty DNS configuration or from unpatched vulnerabilities in the DNS service. Other network vulnerabilities can also lead to stealth Trojans and other forms of malware being placed on your server. Once in place, the malware can run undetected, making changes to the IP addresses within the DNS server to redirect users to a fraudulent website. Well-managed network administration is vital to mitigate the risks your organization faces from these forms of cyberthreats.

Educating customers
Financial institutions face a number of serious risks associated with pharming. Customers' information can be compromised, leaving the institution open to potential fraud losses as well as reputation risks. To mitigate these risks the FDIC strongly recommends engaging in educational campaigns to make your customers aware of the potential threats associated with online activity.

Advising your customers to install and update virus protection and firewall software is one important recommendation. The FDIC also recommends educating customers on the following:
  • Raising the security setting on browsers to prompt the user whenever a Web site attempts to install a new program or ActiveX control.
  • Avoiding downloading software from unknown sources.
  • Maintaining all patches to operating systems and browsers.
  • Not opening e-mail from untrustworthy sources.
Engaging in informational campaigns with your customers reinforces the importance your financial institution places on ensuring online security, and emphasizes the important role customers play in helping to keep their information secure.


First published on BankersOnline.com 8/10/05


